Add Azure Permissions

To use Tag Manager to add tags to Azure resources, you must first grant permissions in the console to add and remove tags.

① Log in to the Azure Portal and go to the Subscriptions page.

② Click on the subscription name.

③ In the left menu, click Access Control (IAM), then click the [+ Add] button at the top left and select Add custom role.

④ Enter a name for the custom role, then leave the baseline permission setting as the default, start from scratch

⑤ In the JSON tab, click the [Edit] button at the top right and copy the code below and paste it under this section: "actions": [paste code here].

⑥ Click the [Save] button at the top right, then click [Review + Create] at the bottom left.

⑦ Back in the Access Control (IAM) page, click the [+ Add] button at the top left and select Add role assignment.

⑧ In the Role tab, search for and select the role you just created, then click the [Next] button at the bottom right.

⑨ In the Members tab, choose User, Group, or Service Principal under Assign access. Then click the + Select members button, choose the app you want to apply the custom role to from the panel on the right, and click [Select].

⑩ In the Review + Assign screen, click the [Review + Assign] button at the bottom left.